IN THE CLAIMS: 

The following listing of claims will replace all prior versions, and listings, of claims in the 
application. 

1. (currently amended) A distributed access control system that restricts access to secured items, 
said the system comprising: 

a central server having a server module that provides overall access control; and 

a plurality of local servers, each of the local servers including a local module that 
provides local access control, 

wherein the access control, performed by said the central server or said the local servers, 
operates to permit or deny access requests to the secured items by requestors. 

2. (currently amended) A distributed access control system as recited in claim 1, wherein said the 
access control system couples to an enterprise network to restrict access to the secured files 
stored in a data storage device coupled to the enterprise network. 

3. (currently amended) A distributed access control system as recited in claim [[2]] 1, wherein 
the access requests are at least primarily processed in a distributed manner by said the local 
servers. 

4. (currently amended) A distributed access control system as recited in claim [[3]] 1, wherein 
when the access requests are processed by the said local servers, the requestors gain access to the 
secured files without having to access said central server. 



PA2902US 






5. (currently amended) A distributed access control system as recited in claim [[2]] 1, wherein 
each the local module-e»^ comprises a copy of the server module so any of the each local 
modules server can operate independent of said the central server and each other of said the 
plurality of local servers. 

6. (currently amended) A distributed access control system as recited in claim [[2]] 1, wherein 
the local module can be comprises a subset of the server module. 

7. (currently amended) A distributed access control system as recited in claim [[2]] 1, wherein 
access permissions for said the local servers can be are dynamically configured to pass a 
requestor from one of said the local servers to another of said the local servers, thereby enabling 
access control to be performed by the another of said the local servers such as when the location 
of the requestor changes. 

8. (currently amended) A distributed access control system as recited in claim [[2]] 1, wherein 
the secured items are secured files. 

9. (currently amended) A distributed access control system as recited in claim [[2]] 1, wherein 
the secured items are secured by encryption. 

10. (currently amended) A method for providing access management through use of a plurality 
of server machines associated with different locations, said the method comprising the acts of: 

(a) authenticating a user with a first server machine of the plurality of server machines 
with respect to a prior access request; 

(b) subsequently receiving a current access request to access a secured item via a second 
server machine of the plurality of server machines; 

(c) reconfiguring the first server machine to prevent further access by the user to secured 
items via the first server machine; and 

(d) reconfiguring the second server machine to permit access by the user to at least the 
secured item via the second server machine. 

11. (currently amended) A method as recited in claim 10, wherein said the authenticating (a) 
authenticates both the user and a client machine being used by the user. 

12. (original) A method as recited in claim 10, wherein the first server machine and the second 
server machine are access points for the user to gain access to secured items. 

13. (original) A method as recited in claim 10, wherein when the user is at a first location, the 
user interacts over a network with the first server machine using a first client machine at the first 
location, and 

wherein when the user is at a second location, the user interacts over a network with the 
second server machine using a second client machine at the second location. 

14. (currently amended) A method as recited in claim [[13]] 10, wherein said the method further 
comprises at least the acts of: 

[[(f)]] determining, prior to said reconfiguring (c) or (d), whether the user is permitted to 
gain access from a second location to secured items via the second server machine. 

15. (currently amended) A method as recited in claim [[13]] 10, wherein said authenticating (a) 
of the user occurs while the user is at a first location, and wherein said receiving (a) of the access 
request to access the secured item from the user occurs while the user is at a second location. 

16. (currently amended) A method as recited in claim [[16]] 10, wherein said the method further 
comprises at least the acts of: 

(e) determining permitted locations from which the user is permitted to gain access to 
secured documents; 

(f) determining, prior to said reconfiguring (c) or (d), whether the second location is one 
of the permitted locations for the user; and 

(g) bypassing said reconfiguring (c) or (d) when said determining (f) determines that the 
second location is not one of the permitted locations for the user. 

17. (original) A method as recited in claim 16, wherein when the user is at the first location, the 
user interacts over a network with the first server machine using a first client machine at the first 
location, and wherein when the user is at the second location, the user interacts over a network 
with the second server machine using a second client machine at the second location. 

18. (currently amended) A computer readable medium including at least computer program code 
for providing access management through use of a plurality of server machines associated with 
different locations, said the computer readable medium comprising: 

computer program code for authenticating a user with a first server machine of the 
plurality of server machines with respect to a prior access request; 

computer program code for subsequently receiving a current access request to access a 
secured item via a second server machine of the plurality of server machines; 

computer program code for reconfiguring the first server machine to prevent further 
access by the user to secured items via the first server machine; and 

computer program code for reconfiguring the second server machine to permit access by 
the user to at least the secured item via the second server machine. 

19. (original) A computer readable medium as recited in claim 18, wherein when the user is at a 
first location, the user interacts over a network with the first server machine using a first client 
machine at the first location, and 

wherein when the user is at a second location, the user interacts over a network with the 
second server machine using a second client machine at the second location. 

20. (currently amended) A computer readable medium as recited in claim [[19]] 18, wherein said 
method further comprising comprises: 

computer program code for determining, prior to the reconfiguring of either the first 
server machine or the second server machine, whether the user is permitted to gain access from a 
second location to secured items via the second server machine. 